SA-CONTRIB-2014-111 - Protected Pages - Password Protection Bypass

Protected Pages modules allows the administrator to secure any page in your website by password by configuring a add path and the associated password. The module did not sufficiently protect variations on the protected path. CVE identifiers issued CVE-2014-9024 Versions affected Protected Pages...

CVE-2014-4425

CVE-2014-4425 affects CFPreferences handling on Apple OS X pre-10.10. The setting “require password after sleep or screen saver begins” may not be enforced, enabling access by physically proximate attackers with unattended workstations. Apple’s public security content ties this issue to OS X Yose...

Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (136 bytes)

Linux/x86-64 - Reverse TCP 127.0.0.1:4444/TCP Shell /bin/sh + Password hell Shellcode 136 bytes. Shellcode exploit for Linuxx86-64 platform ; =================================================================== ; Password Protected Reverse Shell ; Author: SLAE64-1351 Keyman ; Date: 04/09/2014 ; ;...

Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (147 bytes)

Linux/x86-64 - Bind TCP 4444/TCP Shell /bin/sh + Password hell Shellcode 147 bytes. Shellcode exploit for Linuxx86-64 platform ; =================================================================== ; Password Protected Bind Shell ; Author: SLAE64-1351 Keyman ; Date: 03/09/2014 ; ; Shellcode length...

CVE-2014-5337

WordPress Mobile Pack Plugin for WordPress is affected (versions before 2.0.2). An information-disclosure vulnerability allows remote attackers to read password-protected posts via an exportarticles action to export/content.php. Remediation: update to version 2.0.2 or later.

Apple TV Video Remote Control

This module plays a video on an AppleTV device. Note that AppleTV can be somewhat picky about the server that hosts the video. Tested servers include default IIS, default Apache, and Ruby's WEBrick. For WEBrick, the default MIME list may need to be updated, depending on what media file is to be...

Apple TV Image Remote Control

This module will show an image on an AppleTV device for a period of time. Some AppleTV devices are actually password-protected, in that case please set the PASSWORD datastore option. For password brute forcing, please see the module auxiliary/scanner/http/appletvlogin. This module requires...

Snom IP Phone Web Interface < 8 - Multiple Vulnerabilities

No description provided by source. / / / / / // | / // \ | / / / / / /// / / / / / / / // / / / |/ / // / , / / // / / / / / //// //|///||/,/ / /// Live by the byte |// Members: Pr0T3cT10n -=M.o.B.=- TheLeader Sro Debug Contact: [email protected] ----------------------------------- Snom...

Polycom IP Phone Web Interface Data Diclosure Vulnerability

No description provided by source. / / / / / // | / // \ | / / / / / /// / / / / / / / // / / / |/ / // / , / / // / / / / / //// //|///||/,/ / /// Live by the byte |// Members: Pr0T3cT10n -=M.o.B.=- TheLeader Sro Debug Contact: [email protected] -----------------------------------...

LocalWEB2000 2.1.0 Standard - File Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4820/info A vulnerability exists in LocalWEB2000 related to content password protection. It is possible to have LocalWEB2000 treat files as unprotected by requesting them as files within the '.' current directory. If the...

3Com SuperStack II PS Hub 40 TelnetD Weak Password Protection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3034/info A vulnerability exists in certain models of 3Com hubs and potentially other 3Com network products. The affected devices fail to properly restrict the allowed number of login attempts to the inbuilt telnet-based...

Palm OS 3.5.2 Weak Encryption Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1715/info Palm OS is shipped with a security feature which enables a user to set password protection on various applications.The HotSync process allows a user to connect to a machine on the network through their Palm...

Wireless Disk PRO 2.3 iOS - Multiple Vulnerabilities

No description provided by source. Title: ====== Wireless Disk PRO v2.3 iOS - Multiple Web Vulnerabilities Date: ===== 2013-02-26 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=883 VL-ID: ===== 883 Common Vulnerability Scoring System: ==================================...

Savant Webserver 3.1 File Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5709/info Savant Webserver is vulnerable to an input validation bug, that could allow malicious users access to password protected folders. It should be noted that versions below 3.1 may also be vulnerable to this issue...

SAP Router - Timing Attack Password Disclosure

SAP Router is an application-level gateway used to connect systems in a SAP infrastructure. A vulnerability have been found in SAP Router that could allow an unauthenticated remote attacker to obtain passwords used to protect route entries by a timing side-channel attack. SAP Router Password Timi...

How to Protect yourself from the 'Heartbleed' Bug

Millions of websites, users' passwords, credit card numbers and other personal information may be at risk as a result of the Heartbleed security flaw, a vulnerability in widely used cryptographic library 'OpenSSL'. READ DETAILS HERE Netcraft survey says that about half a million widely trusted...

Canon PIXMA MX722 Printer Wireless Password Disclosure

Affects: Canon PIXMA MX722 Printer and probably other Canon printers. After typing my WPA2 WiFi password into the printer through the built-in hardware keypad, it exposes the cleartext password to the LAN through an admin page that isn't password protected:...

CVE-2013-4496

Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obtain access via brute-force ChangePasswordUser2 1 SAMR or 2 RAP attempts...

CVE-2013-4496

CVE-2013-4496 affects Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6. The issue is that the password-guessing protection mechanism was not enforced on all interfaces, enabling remote attackers to brute-force access via ChangePasswordUser2 (SAMR or RAP) attempts. The connecte...

CVE-2013-4496

Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obtain access via brute-force ChangePasswordUser2 1 SAMR or 2 RAP attempts...